Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/4XDTgKla1rxaiba87MzmVbCxSeA.roa
File: 4XDTgKla1rxaiba87MzmVbCxSeA.roa (raw, json)
Hash identifier: 1GPraZTSJEr2WNfrkQmsBtjLmeOrQJsC9mKdhIKVuLA=
Subject key identifier: E1:70:D3:80:A9:5A:D6:BC:5A:89:B6:BC:EC:CC:E6:55:B0:B1:49:E0
Certificate issuer: /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial: 01843333981206E901F1038E9F281C521867
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/4XDTgKla1rxaiba87MzmVbCxSeA.roa
Signing time: Tue 01 Nov 2022 12:38:50 +0000
ROA not before: Tue 01 Nov 2022 12:38:50 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 32787
IP address blocks: 95.100.157.0/24 maxlen: 24
2.17.192.0/24 maxlen: 24
2.17.192.0/22 maxlen: 22
2.17.193.0/24 maxlen: 24
2.17.195.0/24 maxlen: 24
2.17.194.0/24 maxlen: 24
2.21.175.0/24 maxlen: 24
95.100.215.0/24 maxlen: 24
95.100.214.0/24 maxlen: 24
92.122.207.0/24 maxlen: 24
95.100.253.0/24 maxlen: 24
93.191.172.0/24 maxlen: 24
93.191.168.0/24 maxlen: 24
93.191.169.0/24 maxlen: 24
95.100.180.0/24 maxlen: 24
92.122.185.0/24 maxlen: 24
95.100.213.0/24 maxlen: 24
92.122.184.0/24 maxlen: 24
95.100.212.0/24 maxlen: 24
95.101.118.0/24 maxlen: 24
95.101.117.0/24 maxlen: 24
2.19.4.0/22 maxlen: 22
2a02:2370:2::/48 maxlen: 48
2a02:2370:102::/48 maxlen: 48
2a02:2370:202::/48 maxlen: 48
2a02:2370:6::/48 maxlen: 48
2a02:2370:106::/48 maxlen: 48
2a02:2370:206::/48 maxlen: 48
2a02:2370:1::/48 maxlen: 48
2a02:2370:101::/48 maxlen: 48
2a02:2370:201::/48 maxlen: 48
2a02:2370:204::/48 maxlen: 48
2a02:2370:4::/48 maxlen: 48
2a02:2370:104::/48 maxlen: 48
2a02:2370:103::/48 maxlen: 48
2a02:2370:203::/48 maxlen: 48
2a02:2370:3::/48 maxlen: 48
2a02:2370:200::/48 maxlen: 48
2a02:2370:5::/48 maxlen: 48
2a02:2370:105::/48 maxlen: 48
2a02:2370:205::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:33:33:98:12:06:e9:01:f1:03:8e:9f:28:1c:52:18:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Validity
Not Before: Nov 1 12:38:50 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=e170d380a95ad6bc5a89b6bceccce655b0b149e0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:22:fe:9e:70:0b:81:02:9d:89:04:76:33:e0:
7b:4b:ff:48:ea:2c:17:7e:29:61:1d:23:51:9c:90:
ef:26:82:b6:de:a8:7a:8b:3e:91:97:45:be:52:44:
6e:cf:68:c8:7d:b2:d6:3a:82:e0:55:b3:25:a7:b8:
03:84:43:e6:01:03:79:b3:2a:3f:d1:1d:51:27:e8:
d4:a2:91:44:e3:f5:ef:0a:f0:29:6c:ea:24:19:4e:
b4:00:c4:fc:bb:b2:31:56:67:3a:05:46:8b:b4:f2:
f0:2c:8c:70:9c:46:62:b4:07:55:ad:cc:38:dc:16:
7b:30:8c:3e:77:26:6d:5c:29:72:22:fb:58:99:23:
97:59:c4:88:3b:63:78:93:24:b0:91:02:0f:d7:b0:
36:f3:f5:aa:8c:27:05:97:de:30:9a:12:a5:f7:e2:
a0:40:80:03:5e:b4:0f:56:88:26:26:3e:17:a7:d6:
fd:49:eb:83:c4:1b:96:f5:0b:60:81:d6:41:5b:59:
cc:1e:c6:40:43:91:18:b7:96:97:e2:76:af:8b:40:
e6:5f:91:ce:18:3a:d0:3e:b1:a8:10:1f:20:5a:be:
48:70:d3:df:94:63:e8:9b:c5:0e:a0:4d:76:73:8b:
c8:a1:fb:ba:f1:84:ae:3e:ac:ed:14:01:87:3f:9c:
b1:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:70:D3:80:A9:5A:D6:BC:5A:89:B6:BC:EC:CC:E6:55:B0:B1:49:E0
X509v3 Authority Key Identifier:
keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/4XDTgKla1rxaiba87MzmVbCxSeA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.17.192.0/22
2.19.4.0/22
2.21.175.0/24
92.122.184.0/23
92.122.207.0/24
93.191.168.0/23
93.191.172.0/24
95.100.157.0/24
95.100.180.0/24
95.100.212.0/22
95.100.253.0/24
95.101.117.0-95.101.118.255
IPv6:
2a02:2370:1::-2a02:2370:6:ffff:ffff:ffff:ffff:ffff
2a02:2370:101::-2a02:2370:106:ffff:ffff:ffff:ffff:ffff
2a02:2370:200::-2a02:2370:206:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
18:89:78:1b:20:ff:22:c1:ac:62:6a:ab:b2:48:3e:a0:55:04:
3c:50:84:4e:fb:cf:7e:d1:d3:6c:87:9f:79:82:3f:71:41:e1:
6c:81:6a:81:8b:b8:a4:91:a0:00:7c:41:68:2f:a1:7c:9f:66:
26:c4:9a:ae:05:20:c7:b1:c5:fb:48:5e:e8:5f:da:f2:c4:83:
aa:eb:6b:6d:d1:88:f9:c1:a1:58:8d:29:be:77:ae:b2:81:14:
5b:21:57:98:09:2f:75:a3:54:a2:9e:ac:18:c4:8a:2f:47:52:
98:bd:69:6f:75:bf:3a:2b:ab:5f:4d:29:15:84:bc:dc:de:03:
f8:c0:06:22:5c:5e:1d:8f:89:b5:cd:9e:d3:1a:06:14:73:3a:
2e:b8:5c:d9:00:45:fd:41:e3:f3:b1:0d:be:5c:a9:9a:4e:19:
70:4e:9d:43:b7:27:ed:41:5a:0e:ca:d3:28:a6:ef:e7:b1:d0:
96:4b:81:cb:0d:3e:0c:b5:56:4c:c9:13:6e:b3:db:1a:b2:05:
ac:60:b1:ed:08:56:59:4a:7a:59:cc:2d:85:13:a0:2c:a3:56:
6a:9a:a8:2b:c7:9b:ab:b7:e1:92:8a:28:93:21:47:4d:c2:c6:
f1:48:30:eb:75:44:da:1a:ae:cc:fa:08:67:c9:f2:31:a6:7d:
78:0e:8c:51
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgISAYQzM5gSBukB8QOOnygcUhhnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjIxMTAxMTIzODUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTcwZDM4MGE5NWFkNmJjNWE4OWI2YmNlY2NjZTY1NWIwYjE0OWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzyL+nnALgQKdiQR2M+B7S/9I6iwX
filhHSNRnJDvJoK23qh6iz6Rl0W+UkRuz2jIfbLWOoLgVbMlp7gDhEPmAQN5syo/
0R1RJ+jUopFE4/XvCvApbOokGU60AMT8u7IxVmc6BUaLtPLwLIxwnEZitAdVrcw4
3BZ7MIw+dyZtXClyIvtYmSOXWcSIO2N4kySwkQIP17A28/WqjCcFl94wmhKl9+Kg
QIADXrQPVogmJj4Xp9b9SeuDxBuW9QtggdZBW1nMHsZAQ5EYt5aX4navi0DmX5HO
GDrQPrGoEB8gWr5IcNPflGPom8UOoE12c4vIofu68YSuPqztFAGHP5yxUwIDAQAB
o4ICmTCCApUwHQYDVR0OBBYEFOFw04CpWta8Wom2vOzM5lWwsUngMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvNFhEVGdLbGExcnhhaWJhODdNem1WYkN4U2VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGuBggrBgEFBQcBBwEB/wSBnjCBmzBWBAIAATBQAwQCAhHA
AwQCAhMEAwQAAhWvAwQBXHq4AwQAXHrPAwQBXb+oAwQAXb+sAwQAX2SdAwQAX2S0
AwQCX2TUAwQAX2T9MAwDBABfZXUDBABfZXYwQQQCAAIwOzASAwcAKgIjcAABAwcA
KgIjcAAGMBIDBwAqAiNwAQEDBwAqAiNwAQYwEQMGASoCI3ACAwcAKgIjcAIGMA0G
CSqGSIb3DQEBCwUAA4IBAQAYiXgbIP8iwaxiaquySD6gVQQ8UIRO+89+0dNsh595
gj9xQeFsgWqBi7ikkaAAfEFoL6F8n2YmxJquBSDHscX7SF7oX9ryxIOq62tt0Yj5
waFYjSm+d66ygRRbIVeYCS91o1SinqwYxIovR1KYvWlvdb86K6tfTSkVhLzc3gP4
wAYiXF4dj4m1zZ7TGgYUczouuFzZAEX9QePzsQ2+XKmaThlwTp1DtyftQVoOytMo
pu/nsdCWS4HLDT4MtVZMyRNus9sasgWsYLHtCFZZSnpZzC2FE6Aso1Zqmqgrx5ur
t+GSiiiTIUdNwsbxSDDrdUTaGq7M+ghnyfIxpn14DoxR
-----END CERTIFICATE-----